Congress Seeks More Information On Epsilon Data Breach

More than likely, you've received at least one e-mail telling you that the databases of a company named Epsilon were breached and that your name and e-mail may have been exposed to hackers.

The breadth of the breach, as we reported earlier in the week, could make it the biggest of its kind in U.S. history.

And, now, Congress is demanding more information from Epsilon about exactly what information was stolen. The Hill reports that Sen. Richard Blumenthal (D-Conn.) wrote a letter to Attorney General Eric Holder:

"While some of Epsilon's client companies have notified their customers of the breach, other consumers may be unaware that their names, email addresses and other potentially identifying information may be at risk," Blumenthal said.

"I believe that immediate notification to all customers is vital to protect them — and enable them to protect themselves — from identity theft."

Blumenthal argued the names and email addresses could be used by criminals to obtain other financial information and recommended Epsilon or its clients pay for financial data security services and credit reports for affected consumers for two years.

The chairman of the Subcommittee on Privacy, Technology and the Law Sen. Al Franken told Politico that Americans should know more about who owns their information.

"Most of the people affected by the Epsilon breach had never heard of that company before this week," Franken told Politico in a statement. "We need to give Americans more awareness about who has their information and greater ability to protect it."

Epsilon for its part has remained relatively quiet. Alliance Data Systems Corp., Epsilon's parent company, put out a statement yesterday emphasizing that the data breach had only revealed the e-mail and names of its customers, not "personal identifiable information."

It said the breach affected about two percent of its client base:

"We fully recognize the impact this has had on our clients and their customers, and on behalf of the entire Alliance Data organization, we sincerely apologize," said Ed Heffernan, chief executive officer, Alliance Data. "While we can't reverse what has already happened, we are taking every measure necessary to protect our clients and their most valuable assets - their customers. Once detected, we took immediate action to implement additional safeguards and launched a full investigation. We will leave no stone unturned and are dealing with this malicious act by highly sophisticated cyber-thieves with the greatest sense of urgency."